Re: [vserver] LVM within Vserver guests

From: Marco Carnut <kiko_at_tempest.com.br>
Date: Tue 04 Feb 2014 - 12:51:38 GMT
Message-ID: <1391518298.3490.27.camel@evo>

Hi Ted,

> I'm using Vserver guests, each within its own LVM (Wheezy with Mate,
> LibreOffice, Firefox etc.) I'm using LVM as a means to manage each
> guest's space.
>
> I've been experimenting with LVM snapshots as a way to restore a guest
> quickly should it become compromised by an attacker. Initial
> experiments show the restores go quickly, though I have only run a few
> tests (i.e., the snapshots restore more quickly than building a standard
> guest from template).
>
> Q: has anyone using guests in LVMs put /home in one logical volume and
> rest of the guest in another? Can you use nested LVMs for
> Vserver guests?

I used to do that with no problem for years. The
downside is that you'll have to mount several
filesystems, so you won't be able to benefit from
unification. I also recommend using a filesystem
with fast mounts and little need for frequent fscks.
I used reiserfs in that capacity for many years
with zero incidents. xfs seems to work fine.
In more recent kernels I've been favoring btrfs.

Lately I've been using everything in one filesystem
so I can benefit from unification, using vserver ... build's clone
method. It's considerably slower than
snapshotting/mounting, but still takes just a few
seconds (if you're using SSDs it's even faster),
but you can cram a lot of vservers in an otherwise
modest machine.

A few years ago I even made a live demo of the whole
concept as a VMware virtual machine (it plays fine
in VirtualBox as well) using an old Ubuntu LTS,
if you don't mind downloading 1.5GB of data:

http://www.postcogito.org/vsdemo0.5-ubuntu10_04-32bit.7z
(the guest user's password is 'demovs')

> My thought here is that you could use snapshots to restore the guest's
> system to a "pristine" state without having to restore /home and its
> data, or have the choice to restore /home vs. the rest of the guests
> from separate snapshots.

That is roughly the concept this demo implements,
although in this case we restore everything, not
only /home.

A few years back I tried to gather people to try and
make a distro out of this concept, but at the time
there was little interest.

--Marco "Kiko" Carnut
--Tempest Security Intelligence -- www.tempestsi.com
Received on Tue Feb 4 12:51:51 2014
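
Added example, not part of the original message or of the demo it mentions: a dry-run planner for the split layout discussed in the thread, rolling a guest's root volume back to a known-good LVM snapshot while leaving its /home volume alone. The volume group, the <guest>_root / <guest>_home / <guest>_root_pristine names and the /vservers/<guest> mount point are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical layout: volume group $vg
# holds <guest>_root and <guest>_home; <guest>_root_pristine is a snapshot of
# the root LV taken while the guest was known-good; the guest is mounted at
# /vservers/<guest> (assumed path).

# Print, without executing, the commands that roll the root LV back to the
# pristine snapshot and leave the /home LV untouched.
restore_plan() {
    guest=$1 vg=$2 snap_size=${3:-2G}
    # Refuse names that could smuggle shell syntax into the generated plan.
    for v in "$guest" "$vg" "$snap_size"; do
        case $v in
            ''|*[!A-Za-z0-9_]*) echo "bad argument: $v" >&2; return 1 ;;
        esac
    done
    root=/vservers/$guest
    cat <<EOF
vserver $guest stop
umount $root/home
umount $root
# Origin is unmounted, so the merge starts now instead of at next activation.
lvconvert --merge $vg/${guest}_root_pristine
# The merge consumes the snapshot; re-create the baseline before restarting.
lvcreate --snapshot --name ${guest}_root_pristine --size $snap_size $vg/${guest}_root
mount /dev/$vg/${guest}_root $root
mount /dev/$vg/${guest}_home $root/home
vserver $guest start
EOF
}
```

Review the printed plan before running it, for example `restore_plan web1 vg0 | sh -e` as root. Because /home is never rolled back, anything an attacker wrote there (shell startup files, for instance) survives the restore and needs its own review.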
